[
https://issues.apache.org/jira/browse/OAK-9447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17886692#comment-17886692
]
José Andrés Cordero Benítez commented on OAK-9447:
--------------------------------------------------
Hi [~Gamby1980], thanks for your contribution.
Yes I can have a look when the changes are ready. There is a PR linked above
with the changes up to 4.8 done, not sure if you have continued from there or
started from scratch.
About the CVEs, they shouldn't have an impact on the normal uses of the
mongo-java-driver, as they are related with the compression/decompression
libraries, meaning the mongo server you are connected to should send you the
malicious payload to exploit the CVE.
> Upgrade Mongo java driver to 4.7
> --------------------------------
>
> Key: OAK-9447
> URL: https://issues.apache.org/jira/browse/OAK-9447
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: documentmk
> Reporter: José Andrés Cordero Benítez
> Assignee: Jose Andrés Cordero
> Priority: Major
>
> Upgrade Mongo java driver to 4.2+
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
